Bug 24399 - lxc no longer working due to fcntl(fd, F_GET_SEALS) failure
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 6
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: All Packagers
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-21 11:07 CET by Dan Fandrich
Modified: 2020-08-16 22:35 CEST

See Also:
Source RPM: lxc-2.0.8-1.1.mga6.src.rpm
CVE:
Status comment:


Description Dan Fandrich 2019-02-21 11:07:26 CET
Description of problem:
The lxc-2.0.8-1.1.mga6 ported a security fix that uses fcntl(fd, F_GET_SEALS); however, this call is failing whenever I try to start my lxc containers since the update. The error message is as follows:

lxc-execute: cgroups/cgfsng.c: create_path_for_hierarchy: 1328 Path "/sys/fs/cgroup/systemd//lxc/busybox" already existed.
lxc-execute: cgroups/cgfsng.c: cgfsng_create: 1385 No such file or directory - Failed to create /sys/fs/cgroup/systemd//lxc/busybox: No such file or directory
No such file or directory - Failed to determine whether this is a memfd
Failed to re-execute liblxc via memory file descriptor

The memfd error seems to be the root cause as it causes the rest of the execution to abort. That error comes from the new is_memfd() function in 0003-CVE-2019-5736-runC-rexec-callers-as-memfd.patch.

Version-Release number of selected component (if applicable):
lxc-2.0.8-1.1.mga6

How reproducible:
100%

Steps to Reproduce:
1. Configure an LXC container (called busybox in this example)
2. Start it with: sudo lxc-execute -n busybox -- /bin/sh
3. Profit!
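
A diagnostic probe for the failure reported above, added here as an example; it is not code from the bug report or from the lxc patch. It shows how fcntl(fd, F_GET_SEALS) answers for different descriptor types and keeps EINVAL (the descriptor does not support sealing) apart from other errors. The names classify_fd and make_sealed_memfd and the FULL_SEALS set are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef F_GET_SEALS /* Linux UAPI values, for libc headers that predate sealing */
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
/* Assumption for this example: "fully sealed" means all four seals are set. */
#define FULL_SEALS (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

enum fd_kind { FD_ERROR = -1, FD_NOT_SEALABLE = 0, FD_PARTIAL = 1, FD_SEALED = 2 };

/* Classify fd by its seals. EINVAL means the descriptor (or kernel) has no
 * sealing support, which is an answer rather than a failure. */
enum fd_kind classify_fd(int fd)
{
    int seals = fcntl(fd, F_GET_SEALS);
    if (seals < 0)
        return errno == EINVAL ? FD_NOT_SEALABLE : FD_ERROR;
    return (seals & FULL_SEALS) == FULL_SEALS ? FD_SEALED : FD_PARTIAL;
}

/* Create a memfd and apply all four seals; returns -1 if the kernel refuses. */
int make_sealed_memfd(void)
{
    /* 3U == MFD_CLOEXEC | MFD_ALLOW_SEALING */
    int fd = (int)syscall(SYS_memfd_create, "probe", 3U);
    if (fd >= 0 && fcntl(fd, F_ADD_SEALS, FULL_SEALS) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int exe = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
    int mem = make_sealed_memfd();
    printf("/proc/self/exe -> %d\n", classify_fd(exe));
    printf("sealed memfd   -> %d\n", classify_fd(mem));
    return 0;
}
```

A binary stored on tmpfs can report seals too, so the result for /proc/self/exe depends on where the executable lives.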
Dan Fandrich 2019-02-21 11:08:09 CET

CC: (none) => luigiwalser

David Walser 2019-02-21 14:35:07 CET

CC: luigiwalser => nicolas.salguero

Comment 1 Marja Van Waes 2019-02-21 14:38:57 CET
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Also CC'ing some (Cauldron) committers.

CC: (none) => bruno, cjw, geiger.david68210, marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Aurelien Oudelet 2020-08-16 22:35:55 CEST
Mageia 6 changed to end-of-life (EOL) status on 2019-09-30. It is no longer 
maintained, which means that it will not receive any further security or bug 
fix updates.

Package Maintainer: If you wish for this bug to remain open because you plan 
to fix it in a currently maintained version, simply change the 'version' to 
a later Mageia version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we 
weren't able to fix it before Mageia 6's end of life. If you are able to 
reproduce it against a later version of Mageia, you are encouraged to click 
on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a more recent
Mageia release includes newer upstream software that fixes bugs or makes them
obsolete.

If you would like to help fix bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].

[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/

Best regards,
Aurélien
Bugsquad Team

Resolution: (none) => OLD
CC: (none) => ouaurelien
Status: NEW => RESOLVED

